LNCS 2331 




Peter M. A. Sloot 
C. J. Kenneth Tan 
Jack J. Dongarra 
Alfons G. Hoekstra (Eds.) 



Computational 
Science - ICCS 2002 

International Conference 

Amsterdam, The Netherlands, April 2002 

Proceedings 






Springer 




Lecture Notes in Computer Science 2030

Edited by G. Goos, J. Hartmanis and J. van Leeuwen




Springer 

Berlin 

Heidelberg 

New York 

Barcelona 

Hong Kong 

London 

Milan 

Paris 

Singapore 

Tokyo 




Furio Honsell Marino Miculan (Eds.) 



Foundations 
of Software Science and 
Computation Structures 



4th International Conference, FOSSACS 2001
Held as Part of the Joint European Conferences 
on Theory and Practice of Software, ETAPS 2001 
Genova, Italy, April 2-6, 2001 
Proceedings 




Springer 




Series Editors 



Gerhard Goos, Karlsruhe University, Germany 
Juris Hartmanis, Cornell University, NY, USA 
Jan van Leeuwen, Utrecht University, The Netherlands 

Volume Editors 

Furio Honsell 
Marino Miculan 

Università di Udine, Dipartimento di Matematica e Informatica
Via delle Scienze 206, 33100 Udine, Italy
E-mail: {honsell/miculan}@dimi.uniud.it

Cataloging-in-Publication Data applied for 

Die Deutsche Bibliothek - CIP-Einheitsaufnahme 

Foundations of software science and computation structures : 4th
international conference ; proceedings / FOSSACS 2001, held as part of
the Joint European Conferences on Theory and Practice of Software,
ETAPS 2001, Genova, Italy, April 2-6, 2001. Furio Honsell ; Marino
Miculan (ed.). - Berlin ; Heidelberg ; New York ; Barcelona ; Hong
Kong ; London ; Milan ; Paris ; Singapore ; Tokyo : Springer, 2001
(Lecture notes in computer science ; Vol. 2030)

ISBN 3-540-41864-4 



CR Subject Classification (1998): F.3, F.4.2, F.1.1, D.3.3-4, D.2.1 
ISSN 0302-9743 

ISBN 3-540-41864-4 Springer-Verlag Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is
concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting,
reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication
or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965,
in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are
liable for prosecution under the German Copyright Law.

Springer-Verlag Berlin Heidelberg New York

a member of BertelsmannSpringer Science+Business Media GmbH 

http://www.springer.de 

© Springer-Verlag Berlin Heidelberg 2001 
Printed in Germany 

Typesetting: Camera-ready by author, data conversion by PTP-Berlin, Stefan Sossna 
Printed on acid-free paper SPIN: 10782468 06/3142 5 4 3 2 1 0 




Foreword 



ETAPS 2001 was the fourth instance of the European Joint Conferences on
Theory and Practice of Software. ETAPS is an annual federated conference that
was established in 1998 by combining a number of existing and new conferences.
This year it comprised five conferences (FOSSACS, FASE, ESOP, CC, TACAS),
ten satellite workshops (CMCS, ETI Day, JOSES, LDTA, MMAABS, PFM,
RelMiS, UNIGRA, WADT, WTUML), seven invited lectures, a debate, and ten
tutorials.

The events that comprise ETAPS address various aspects of the system deve- 
lopment process, including specification, design, implementation, analysis, and 
improvement. The languages, methodologies, and tools which support these ac- 
tivities are all well within its scope. Different blends of theory and practice are 
represented, with an inclination towards theory with a practical motivation on 
one hand and soundly-based practice on the other. Many of the issues involved 
in software design apply to systems in general, including hardware systems, and 
the emphasis on software is not intended to be exclusive. 

ETAPS is a loose confederation in which each event retains its own identity,
with a separate program committee and independent proceedings. Its format is
open-ended, allowing it to grow and evolve as time goes by. Contributed talks
and system demonstrations are in synchronized parallel sessions, with invited
lectures in plenary sessions. Two of the invited lectures are reserved for
“unifying” talks on topics of interest to the whole range of ETAPS attendees. The
aim of cramming all this activity into a single one-week meeting is to create a
strong magnet for academic and industrial researchers working on topics within
its scope, giving them the opportunity to learn about research in related areas,
and thereby to foster new and existing links between work in areas that were
formerly addressed in separate meetings.

ETAPS 2001 was hosted by the Dipartimento di Informatica e Scienze
dell'Informazione (DISI) of the Università di Genova and was organized by the
following team:

Egidio Astesiano (General Chair)
Eugenio Moggi (Organization Chair)
Maura Cerioli (Satellite Events Chair)
Gianna Reggio (Publicity Chair)
Davide Ancona
Giorgio Delzanno
Maurizio Martelli

with the assistance of Convention Bureau Genova. Tutorials were organized by
Bernhard Rumpe (TU München). Overall planning for ETAPS conferences is the
responsibility of the ETAPS Steering Committee, whose current membership is:

Egidio Astesiano (Genova), Ed Brinksma (Enschede), Pierpaolo Degano
(Pisa), Hartmut Ehrig (Berlin), Jose Fiadeiro (Lisbon), Marie-Claude
Gaudel (Paris), Susanne Graf (Grenoble), Furio Honsell (Udine), Nigel
Horspool (Victoria), Heinrich Hußmann (Dresden), Paul Klint (Amsterdam),
Daniel Le Métayer (Rennes), Tom Maibaum (London), Tiziana
Margaria (Dortmund), Ugo Montanari (Pisa), Mogens Nielsen (Aarhus),
Hanne Riis Nielson (Aarhus), Fernando Orejas (Barcelona), Andreas
Podelski (Saarbrücken), David Sands (Göteborg), Don Sannella
(Edinburgh), Perdita Stevens (Edinburgh), Jerzy Tiuryn (Warsaw), David
Watt (Glasgow), Herbert Weber (Berlin), Reinhard Wilhelm (Saarbrücken)

ETAPS 2001 was organized in cooperation with

the Association for Computing Machinery
the European Association for Programming Languages and Systems
the European Association of Software Science and Technology
the European Association for Theoretical Computer Science

and received generous sponsorship from:

ELSAG
Fondazione Cassa di Risparmio di Genova e Imperia
INDAM - Gruppo Nazionale per l'Informatica Matematica (GNIM)
Marconi
Microsoft Research
Telecom Italia
TXT e-solutions
Università di Genova

I would like to express my sincere gratitude to all of these people and
organizations, the program committee chairs and PC members of the ETAPS
conferences, the organizers of the satellite events, the speakers themselves, and
finally Springer-Verlag for agreeing to publish the ETAPS proceedings.

Donald Sannella
ETAPS Steering Committee chairman




Preface 



The present volume contains the proceedings of the international conference 
Foundations of Software Science and Computation Structures (FOSSACS 2001), 
held in Genova, Italy, April 2-4, 2001. FOSSACS is a constituent event of the 
Joint European Conferences on Theory and Practice of Software (ETAPS). This 
was the fourth meeting of ETAPS. The previous three meetings took place in 
Lisbon (1998), Amsterdam (1999), and Berlin (2000). 

FOSSACS seeks papers significant to software sciences, which offer progress 
in foundational research. Central objects of interest are the algebraic, catego- 
rical, logical, and geometric theories, models, and methods which support the 
specification, synthesis, verification, analysis, and transformation of sequential, 
concurrent, distributed, and mobile programs and software systems. This volume 
deals with a wide spectrum of topics within this scope, many of which are moti- 
vated by recent trends and problems in the practice of software and information 
technology. 

There are 27 papers in these proceedings. The first one accompanies the in- 
vited lecture Adequacy for algebraic effects, delivered by Gordon Plotkin (Edin- 
burgh University) at FOSSACS 2001. The last one concerns a tool presentation. 
The other 25 are contributed papers, selected out of a total of 63 submissions. 
Each paper was thoroughly evaluated by the PC members. The selection proce- 
dure ended with a virtual meeting of the Program Committee which lasted over 
a week. I would like to sincerely thank all of the PC members for the excellent 
work they did during this difficult process. The tool presentation was selected 
by a special committee appointed by Donald Sannella the ETAPS Chairman. 

Very special thanks go to the co-editor of these proceedings Marino Miculan,
whose assistance has been invaluable in organizing the conference web-page, the
electronic submission, reviewing, and notification processes, as well as in
preparing the files for the publisher. Thanks to Richard van de Stadt for producing
and allowing us to utilize the CyberChair software. And thanks also to all the
members of the Organizing Committee, chaired by Egidio Astesiano, Eugenio
Moggi, and Gianna Reggio. Finally I would like to thank the Steering Committee
of ETAPS, and especially its Chairman Donald Sannella, for the precious
advice and excellent coordination in all the various activities leading up to this
FOSSACS conference.

Furio Honsell

FOSSACS 2001 Program Committee Chair

Adequacy for Algebraic Effects*



Gordon Plotkin and John Power 

Division of Informatics, University of Edinburgh, King’s Buildings, 
Edinburgh EH9 3JZ, Scotland 



Abstract. Moggi proposed a monadic account of computational effects.
He also presented the computational $\lambda$-calculus, $\lambda_c$, a core call-by-value
functional programming language for effects; the effects are obtained by
adding appropriate operations. The question arises as to whether one
can give a corresponding treatment of operational semantics. We do
this in the case of algebraic effects where the operations are given by
a single-sorted algebraic signature, and their semantics is supported by
the monad, in a certain sense. We consider call-by-value PCF with, and
without, recursion, an extension of $\lambda_c$ with arithmetic. We prove
general adequacy theorems, and illustrate these with two examples:
nondeterminism and probabilistic nondeterminism.



1 Introduction 

Moggi introduced the idea of a general account of computational effects,
proposing encapsulating them via monads $T : C \to C$; the main idea is that $T(x)$ is
the type of computations of elements of $x$. He also presented the computational
$\lambda$-calculus $\lambda_c$ as a core call-by-value functional programming language for
effects izg. The effects themselves are obtained by adding appropriate operations,
specified by a signature $\Sigma$. Moggi introduced the consideration of these
operations in the context of his metalanguage $ML(\Sigma)$ whose purpose is to give the
semantics of programming languages, but which is not itself thought of
as a programming language.

In our view any complete account of computation should incorporate a
treatment of operational semantics; this has been lacking for the monadic view. To
progress, one has to deal with the operations as they are the source of the effects.
In this paper we give such a treatment in the case of algebraic effects where the
operations are given by a single-sorted algebraic signature $\Sigma$; semantically such
an $n$-ary operation $f$ is taken to denote a family of morphisms

$$f_x : T(x)^n \to T(x)$$

parametrically natural with respect to morphisms in the Kleisli category $C_T$;
$T$ is then said to support the family $f_x$. (In [22] only naturality with respect
to morphisms in $C$ is considered; we use the stronger assumption.) Note that
there is no assumption that the monads at hand are commutative. For $C = Set$,
examples are the finite powerset monad and binary choice operations; the monad
for probabilistic nondeterminism and probabilistic choice operations; and the
monad for printing and the printing operations (these are noncommutative).
As will be discussed below, there are natural analogues of these examples in
the domain-theoretic context where $C = Dcppo$, the category of dcppos and
continuous functions. Generally, suppose we are given a category $C$ with finite
products and a finitary equational theory over a signature $\Sigma$. Assuming free
$\Sigma$-algebras exist, let $T$ be the associated monad. Then every operation symbol
yields such a family, in an evident way. In the case $C = Set$ a converse holds,
that every parametrically natural family arises as a composition of such families,
as follows, e.g., from a remark in Section 3 below.

* This work has been done with the support of EPSRC grant GR/M56333: The
Structure of Programming Languages: Syntax and Semantics.

On the other hand, for example, the exceptions monad does not support 
its exception handling operation: only the weaker naturality holds there. This 
monad is a free algebra functor for an equational theory, viz the one that has a 
constant for each exception and no equations; however the exception handling 
operation is not definable: only the exception raising operations are. Other stan- 
dard monads present further difficulties. So while our account of operational 
semantics is quite general, it certainly does not cover all cases; it remains to be 
seen if it can be further extended. 

To give an account of operational semantics we need a programming language
based on the computational $\lambda$-calculus with some basic datatypes and functions
in order to permit computation. We take as the test of our account whether a
useful general adequacy theorem can be proved. So we consider a call-by-value
PCF with algebraic effects, an extension of the computational $\lambda$-calculus with
operations, arithmetic and recursion (see, e.g., for versions of call-by-value
PCF). We begin by treating the sublanguage without recursion. Section 2
presents both a small step and a (collecting) big step operational semantics;
there is also an associated evaluation function. Section 3 considers denotational
semantics and gives an adequacy theorem. The semantics is given axiomatically
in terms of a suitable class of categorical structures appropriately extending the
usual monadic view of the computational $\lambda$-calculus. This could as well have
been based on closed Freyd categories EDI, and El is a treatment of
nondeterminism along such lines. Section 4 considers two examples: nondeterminism and
probabilistic nondeterminism.

We consider the full language with recursion in Section 0 Small step se- 
mantics is straightforward, but big step semantics presents some difficulties as 
evaluation naturally yields infinite values since programs may not terminate. 
We also consider an intermediate medium step semantics which is big step as re- 
gards effect-free computation and small step as regards effects. For the semantics 
we assume a suitable order-enrichment m in order to give a least fixed-point 
treatment of recursion. This then yields an adequacy theorem, which is the main 
result of the paper. One wonders if a more general treatment of recursion is pos- 
sible within synthetic or axiomatic domain theory, cf. In Section 0 we revisit 
the examples, but with recursion now present. Finally, in Section 0 we present 
some ideas for further progress. While all definitions are given in Section 0
some previous knowledge of domain theory is really assumed; for Section El this 
is essential as both ordinary and probabilistic powerdomains are considered. 

Our treatment of operational semantics might well be seen as rather formal 
and does not immediately specialise to the usual accounts for the examples at 
hand. In a way this has to be so: it is hard to imagine a theory which yields 
the natural operational semantics for any possible computational effect. On the 
other hand we can prove adequacy (with and without recursion) for our formal 
approach and then easily recover adequacy results for the standard operational 
semantics of the various examples. 



2 PCF without Recursion: Operational Semantics 

We begin with the syntax of our language. Its types are given by

$$\sigma ::= \iota \mid o \mid 1 \mid \sigma \times \sigma \mid \sigma \to \sigma$$

where $\iota$ is the type of the natural numbers and $o$ is that of the booleans. For
the terms, we assume we are given a single-sorted algebraic signature $\Sigma$ and a
countably infinite set of variables $x$; the signature provides a set of operation
symbols $f$ and associates an arity $\mathrm{ar}_f \geq 0$ to each. The terms are given by

$$\begin{array}{rcl}
M & ::= & 0 \mid \mathrm{succ}(M) \mid \mathrm{zero}(M) \mid \mathrm{pred}(M) \mid \\
  &     & tt \mid ff \mid \mathrm{if}\ M\ \mathrm{then}\ M\ \mathrm{else}\ M \mid \\
  &     & * \mid \langle M, M \rangle \mid \pi_1(M) \mid \pi_2(M) \mid \\
  &     & x \mid \lambda x : \sigma. M \mid MM \mid \\
  &     & f(M_1, \ldots, M_n)
\end{array}$$

where, in the last clause, $f$ is an operation symbol of arity $n$. Substitution
$M[N/x]$ is defined as usual, and we identify terms up to $\alpha$-equivalence.

As regards comparison with $\lambda_c$, we have fixed a particular set of base types,
viz $\iota$ and $o$, and function symbols, viz 0, succ, zero, pred, tt and ff. We also have
a conditional construct if and the operation symbols $f$ from $\Sigma$. We do not have
a type constructor $T(\sigma)$ as it may be defined to be $1 \to \sigma$. Nor do we have a let
constructor or constructions $[M]$ or $\mu(M)$ as we consider let $x : \sigma = M$ in $N$
as syntactic sugar for $(\lambda x : \sigma. N)M$ (preferring explicit declaration of types in
binding contexts), and $[M]$ as syntactic sugar for $\lambda x : 1. M$, where $x$ is fresh, and
$\mu(M)$ as syntactic sugar for $M *$.

The typing rules specify the well formed sequents

$$\Gamma \vdash M : \sigma$$

The rules will all be evident, except perhaps, that for the last construct, which
is

$$\frac{\Gamma \vdash M_i : \sigma \quad (\text{for } i = 1, n)}{\Gamma \vdash f(M_1, \ldots, M_n) : \sigma}$$

(where $\mathrm{ar}_f = n$). Thus effects can occur at any type. We write $M : \sigma$ for $\vdash M : \sigma$
and say then that the (closed) term $M$ is well-typed.

We give both a small step and a collecting big step operational semantics. 
These are given without using any further information on the operations; it is 
in that sense that they are purely formal. One might instead have introduced 
equations corresponding to the intended effects, e.g., semilattice equations for 
finite nondeterminism, as in m and then worked with operational semantics up 
to provable equality. 

The small step semantics proceeds by means of two kinds of transitions
between closed terms, an unlabelled one

$$M \to M'$$

and a labelled one

$$M \xrightarrow{f_i} M'$$

where $f$ is an operation symbol of arity $n > 0$ and $1 \leq i \leq n$, and there is also
a predicate on closed terms

$$M \downarrow_a$$

for operations $a$ of arity 0, i.e., constants. The unlabelled transition relation
corresponds to effect-free computation; the labelled one corresponds to an effect,
which is mirrored syntactically by “entering” the $i$th argument place of an
operation symbol $f$ of strictly positive arity. Constants yield a kind of exceptional
termination.

Transitions terminate at values, given by

$$V ::= 0 \mid \mathrm{succ}(V) \mid tt \mid ff \mid * \mid \langle V, V \rangle \mid \lambda x : \sigma. M$$

where we restrict $\lambda x : \sigma. M$ to be closed. We write $\underline{n}$ for $\mathrm{succ}^n(0)$.

It is convenient to use Felleisen’s idea [Z| of specifying transitions via evalu- 
ation contexts and redexes. The evaluation contexts here are given by: 

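$$\begin{array}{rcl}
E & ::= & [\,] \mid \mathrm{succ}(E) \mid \mathrm{zero}(E) \mid \mathrm{pred}(E) \mid \mathrm{if}\ E\ \mathrm{then}\ M\ \mathrm{else}\ M \mid \\
  &     & \langle E, M \rangle \mid \langle V, E \rangle \mid \pi_1(E) \mid \pi_2(E) \mid EM \mid VE
\end{array}$$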

where the terms appearing are restricted to be closed. 

Redexes and their transitions are given by:

$$\begin{array}{ll}
\mathrm{zero}(0) \to tt & \mathrm{zero}(\underline{n+1}) \to ff \\
\mathrm{pred}(0) \to 0 & \mathrm{pred}(\underline{n+1}) \to \underline{n} \\
\mathrm{if}\ tt\ \mathrm{then}\ M\ \mathrm{else}\ N \to M & \mathrm{if}\ ff\ \mathrm{then}\ M\ \mathrm{else}\ N \to N \\
\pi_1(\langle V, V' \rangle) \to V & \pi_2(\langle V, V' \rangle) \to V' \\
(\lambda x : \sigma. M)V \to M[V/x] & \\
f(M_1, \ldots, M_n) \xrightarrow{f_i} M_i &
\end{array}$$

where, in the last clause, $n = \mathrm{ar}_f > 0$, and $1 \leq i \leq n$, and where we restrict the
redexes (the left hand sides) to be closed. Noting that $\to$ is deterministic here,
we will find it useful to write $R^+$ for the unique $N$, if any, such that $R \to N$. For
any closed well-typed term one of three mutually exclusive possibilities holds: it
is a value; it has the form $E[R]$ for a unique $E$ and $R$; or it has the form $E[a()]$
for a unique $E$ and $a$.

We now define the transition relations by the two rules:

$$\frac{R \to N}{E[R] \to E[N]} \qquad \frac{R \xrightarrow{f_i} N}{E[R] \xrightarrow{f_i} E[N]}$$

and the predicate by the rule

$$E[a()] \downarrow_a$$

For any closed well-typed term $M$ which is not a value, exactly one of three
mutually exclusive possibilities holds:

- $M \to N$ for some $N$; in this case $N$ is determined and of the same type as $M$.
- $M \xrightarrow{f_i} N_i$ for some $f$ and $N_i$ ($1 \leq i \leq \mathrm{ar}_f$); in this case $f$ and the $N_i$ are
  determined and the latter are of the same type as $M$.
- $M \downarrow_a$ for some $a$; in this case $a$ is determined.

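The big step operational semantics

$$M \Rightarrow t$$

evaluates closed terms to effect values, which are the terms given by

$$t ::= V \mid f(t_1, \ldots, t_n)$$

The idea is that these terms “collect” together all the possible effects of a
computation. The big step semantics is then defined by the following rules

$$V \Rightarrow V \qquad \frac{R \to N \quad E[N] \Rightarrow t}{E[R] \Rightarrow t}$$

$$\frac{R \xrightarrow{f_i} N_i \quad E[N_i] \Rightarrow t_i \quad (i = 1, n)}{E[R] \Rightarrow f(t_1, \ldots, t_n)} \ (\text{where } n = \mathrm{ar}_f) \qquad E[a()] \Rightarrow a()$$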

Note that a closed term evaluates to at most one effect value; also if that term is
well-typed, so is the effect value and it has the same type as the term. Small step
and big step operational semantics can both be presented structurally. Example
small step rules for function application are given in Figure 1. The other rules
for small step operational semantics can easily be given in the same (somewhat
tedious) style.

$$\frac{M \to M'}{MN \to M'N} \qquad \frac{M \xrightarrow{f_i} M'}{MN \xrightarrow{f_i} M'N} \qquad \frac{M \downarrow_a}{MN \downarrow_a}$$

$$\frac{N \to N'}{VN \to VN'} \qquad \frac{N \xrightarrow{f_i} N'}{VN \xrightarrow{f_i} VN'} \qquad \frac{N \downarrow_a}{VN \downarrow_a}$$

$$(\lambda x : \sigma. M)V \to M[V/x]$$

Fig. 1. Small Step Rules for Function Application.

The rules for big step semantics are not quite so obvious. First we need effect
contexts; these are given by

$$\varepsilon ::= [\,] \mid f(\varepsilon_1, \ldots, \varepsilon_n)$$

Any effect term $t$ can be written uniquely in the form $\varepsilon[V_1, \ldots, V_k]$. The rules
are given in Figure 2. In reading these, if a term $M^+$ appears in a rule, the rule
only applies if $M^+$ exists.

To connect the two semantics, we associate an effect value $|M|$ with any
closed term $M$ which is terminating in the sense that there is no infinite chain
of (small step) transitions from $M$:

$$|M| = \begin{cases}
|N| & (\text{if } M \to N) \\
f(|N_1|, \ldots, |N_n|) & (\text{if } M \xrightarrow{f_i} N_i, \text{ for } i = 1, n, \text{ where } n = \mathrm{ar}_f) \\
a() & (\text{if } M \downarrow_a)
\end{cases}$$

Proposition 1. The following are equivalent for any closed well-typed $M$ and $t$

1. $M$ is terminating, and $|M| = t$

2. $M \Rightarrow t$

Thus we have two independent characterisations of the evaluation function
$|\cdot|$ on closed well-typed terms. One could also give a direct recursive definition
of this function, but one is then faced with interpreting the recursion and
relating this to the above rule-based definitions. While the effort does not seem
worthwhile here, it may be so for PCF with recursion, as will be seen.

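As the reader may have gathered, there is no possibility of nontermination:

Theorem 1. Every closed well-typed term terminates.

Proof. This can be proved by a computability argument. We content ourselves
with defining the computability predicates. At the types $\iota$, $o$ and 1 all values are
computable. A value of product type is computable if both its components are.
A value $\lambda x : \sigma. M$ is computable if, and only if, $M[V/x]$ is for every computable
value $V : \sigma$, where we say that a closed term is computable if, and only if, every
transition sequence from it terminates in a computable value.

$$0 \Rightarrow 0 \qquad \frac{M \Rightarrow \varepsilon[V_1, \ldots, V_k]}{\mathrm{succ}(M) \Rightarrow \varepsilon[\mathrm{succ}(V_1), \ldots, \mathrm{succ}(V_k)]}$$

$$\frac{M \Rightarrow \varepsilon[V_1, \ldots, V_k]}{\mathrm{pred}(M) \Rightarrow \varepsilon[\mathrm{pred}(V_1)^+, \ldots, \mathrm{pred}(V_k)^+]} \qquad \frac{M \Rightarrow \varepsilon[V_1, \ldots, V_k]}{\mathrm{zero}(M) \Rightarrow \varepsilon[\mathrm{zero}(V_1)^+, \ldots, \mathrm{zero}(V_k)^+]}$$

$$tt \Rightarrow tt \qquad ff \Rightarrow ff$$

$$\frac{L \Rightarrow \varepsilon[V_1, \ldots, V_k] \quad (\mathrm{if}\ V_i\ \mathrm{then}\ M\ \mathrm{else}\ N)^+ \Rightarrow t_i \ (\text{for } i = 1, k)}{\mathrm{if}\ L\ \mathrm{then}\ M\ \mathrm{else}\ N \Rightarrow \varepsilon[t_1, \ldots, t_k]}$$

$$* \Rightarrow *$$

$$\frac{M \Rightarrow \varepsilon_1[V_1, \ldots, V_k] \quad N \Rightarrow \varepsilon_2[W_1, \ldots, W_l]}{\langle M, N \rangle \Rightarrow \varepsilon_1[\varepsilon_2[\langle V_1, W_1 \rangle, \ldots, \langle V_1, W_l \rangle], \ldots, \varepsilon_2[\langle V_k, W_1 \rangle, \ldots, \langle V_k, W_l \rangle]]}$$

$$\frac{M \Rightarrow \varepsilon[V_1, \ldots, V_k]}{\pi_i(M) \Rightarrow \varepsilon[\pi_i(V_1)^+, \ldots, \pi_i(V_k)^+]} \ (i = 1, 2)$$

$$\lambda x : \sigma. M \Rightarrow \lambda x : \sigma. M$$

$$\frac{M \Rightarrow \varepsilon_1[V_1, \ldots, V_k] \quad N \Rightarrow \varepsilon_2[W_1, \ldots, W_l] \quad (V_i W_j)^+ \Rightarrow t_{ij} \ (i = 1, k;\ j = 1, l)}{MN \Rightarrow \varepsilon_1[\varepsilon_2[t_{11}, \ldots, t_{1l}], \ldots, \varepsilon_2[t_{k1}, \ldots, t_{kl}]]}$$

$$\frac{M_i \Rightarrow \varepsilon_i[V_{i1}, \ldots, V_{ik_i}] \ (i = 1, n)}{f(M_1, \ldots, M_n) \Rightarrow f(\varepsilon_1[V_{11}, \ldots, V_{1k_1}], \ldots, \varepsilon_n[V_{n1}, \ldots, V_{nk_n}])}$$

Fig. 2. Big Step Operational Semantics.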

There is a natural equational theory, including “$\beta$-equations” and
commutation equations for operation symbols. This establishes judgements of the form

$$\Gamma \vdash M = N : \sigma$$

where it is assumed that $\Gamma \vdash M : \sigma$ and $\Gamma \vdash N : \sigma$. There are evident rules for
equality including closure under the term-forming operations. The axioms are
given in Figure 3 where they are presented as equations, or equational schemas
$M = N$; these should be interpreted as judgements $\Gamma \vdash M = N : \sigma$. The
commutation schema for operations is equivalent to a collection of equations for
the individual language constructs. It would be better to allow open values and
contexts (in a fairly evident sense) but the more restricted version presented
here suffices for our purposes. The next proposition makes it easy to verify that
the denotational semantics models the operational semantics.

Proposition 2. Suppose that $M$ is a closed term such that $M : \sigma$. Then if
$M \Rightarrow t$ it follows that $\vdash M = t : \sigma$

$$\begin{array}{ll}
\mathrm{zero}(0) = tt & \mathrm{zero}(\underline{n+1}) = ff \\
\mathrm{pred}(0) = 0 & \mathrm{pred}(\underline{n+1}) = \underline{n} \\
\mathrm{if}\ tt\ \mathrm{then}\ M\ \mathrm{else}\ N = M & \mathrm{if}\ ff\ \mathrm{then}\ M\ \mathrm{else}\ N = N \\
\pi_1(\langle V, V' \rangle) = V & \pi_2(\langle V, V' \rangle) = V' \\
(\lambda x : \sigma. M)V = M[V/x] & \\
E[f(M_1, \ldots, M_n)] = f(E[M_1], \ldots, E[M_n]) &
\end{array}$$

Fig. 3. Equations.



3 PCF without Recursion: Adequacy 



We begin by defining the categorical structures that provide models of our
language, building on the sound and complete class of models for the $\lambda_c$-calculus
provided by Moggi in m. A model of $\lambda_c$ consists of a category $C$ with finite
products, together with a strong monad $\langle T, \eta, \mu, st \rangle$ on $C$, such that $T$ has
Kleisli exponentials. The latter means that for each pair of objects $x$ and $y$, the
functor $C(- \times x, Ty) : C^{op} \to Set$ is representable; in other words, there exists
an object $x \Rightarrow y$ and a natural isomorphism

$$(\lambda_T)_z : C(z \times x, Ty) \cong C(z, x \Rightarrow y)$$

We write $g^\dagger : z \times T(x) \to T(y)$ for the parametrised lift of $g : z \times x \to T(y)$
to $z \times T(x)$ (and we use the same notation for the ordinary unparametrised lift
where $g : x \to T(y)$ as that is essentially the subcase where $z$ is the terminal
object).

We need to extend this with structure for the operations, and for arithmetic
and booleans. For the former, as already stated, we assume for each $n$-ary
operation $f$ a family

$$f_x : T(x)^n \to T(x)$$

parametrically natural with respect to morphisms in the Kleisli category $C_T$;
this means that for every map $g : z \times x \to T(y)$ the diagram

[Commutative diagram: a square with vertices $z \times T(x)^n$, $z \times T(x)$, $T(y)^n$ and $T(y)$, with arrows $z \times f_x$ and $f_y$.]

commutes (cf. [27]). Equivalently we can ask that the family be natural with
respect to morphisms in the category $C$ and that it respect the monad
multiplication and the strength. Assuming that the $n$-fold coproduct of 1 with itself
exists in $C$, one can also show that there is a natural 1-1 correspondence
between such families and global elements of $T(n)$. Finally, if 1 is a generator then
parametric and ordinary naturality (with respect to Kleisli morphisms) coincide.

For arithmetic we assume $C$ has a natural numbers object

$$1 \xrightarrow{0} \mathbb{N} \xrightarrow{s} \mathbb{N}$$

and for the booleans we assume that the sum $\mathbb{T} =_{def} 1 + 1$ exists in $C$. We
write $\mathrm{Iter}_x(a, f)$ for the unique morphism from $\mathbb{N}$ to $x$ corresponding to a pair
of morphisms $1 \xrightarrow{a} x \xrightarrow{f} x$.

This gives us a $C$ object as the denotation $[\![\sigma]\!]$ of each type $\sigma$, following m
and taking $[\![\iota]\!] = \mathbb{N}$ and $[\![o]\!] = \mathbb{T}$. The denotation $[\![\Gamma]\!]$ of an environment $\Gamma$ of
the form $x_1 : \sigma_1, \ldots, x_n : \sigma_n$ is then the product of the denotations of the $\sigma_i$, as
usual, and we now have to find the denotations

$$[\![M]\!] : [\![\Gamma]\!] \to T([\![\sigma]\!])$$

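of terms of type $\sigma$ in the environment $\Gamma$. These are defined as in m for the $\lambda_c$
part of our language, once we settle the interpretations of the function symbols
0, succ, zero, pred, tt and ff. We then have to consider the conditional and the
effect operations. For the former, it is enough to specify a morphism in $C$ of
appropriate type. For 0 and succ we take $1 \xrightarrow{0} \mathbb{N}$ and $\mathbb{N} \xrightarrow{s} \mathbb{N}$ respectively; for
zero and pred we take $\mathbb{N} \xrightarrow{z} \mathbb{T}$ and $\mathbb{N} \xrightarrow{p} \mathbb{N}$, where $z = \mathrm{Iter}_{\mathbb{T}}(\mathrm{inl}, \mathrm{inr} \circ\, !)$ and
$p = \pi_2 \circ \mathrm{Iter}_{\mathbb{N} \times \mathbb{N}}(\langle 0, 0 \rangle, \langle s \circ \pi_1, \pi_1 \rangle)$ respectively; and for tt and ff we take
$1 \xrightarrow{\mathrm{inl}} \mathbb{T}$ and $1 \xrightarrow{\mathrm{inr}} \mathbb{T}$.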



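In order to give the semantics of conditionals, we note the isomorphisms

$$\begin{array}{rcl}
C_T(y, z)^2 & \cong & C(1, y \Rightarrow z)^2 \\
 & \cong & C(\mathbb{T}, y \Rightarrow z) \\
 & \cong & C_T(\mathbb{T} \times y, z) \\
 & \cong & C_T(y \times \mathbb{T}, z)
\end{array}$$

and take $\mathrm{cond}_z : T(z)^2 \times \mathbb{T} \to z$ to be the $C_T$ morphism corresponding to the
pair $\pi_1, \pi_2$ of $C_T$ morphisms from $T(z)^2$ to $z$. Now, for a term of the form
if $L$ then $M$ else $N$, where $\vdash M : \sigma$, we define

$$[\![\mathrm{if}\ L\ \mathrm{then}\ M\ \mathrm{else}\ N]\!] = \mathrm{cond}_{[\![\sigma]\!]} \circ \langle \langle [\![M]\!], [\![N]\!] \rangle, [\![L]\!] \rangle$$

Finally, for a term $M$ of type $\sigma$ of the form $f(M_1, \ldots, M_n)$ we define

$$[\![f(M_1, \ldots, M_n)]\!] = f_{[\![\sigma]\!]} \circ \langle [\![M_1]\!], \ldots, [\![M_n]\!] \rangle$$

The next two lemmas say that the semantics of a value is effect free (it exists in
the sense of ED) and that the above equations are sound for the semantics.

Lemma 1. Suppose $V : \sigma$. Then $[\![V]\!] : 1 \to [\![\sigma]\!]$ factors through $\eta_{[\![\sigma]\!]}$.

Lemma 2. If $\Gamma \vdash M = N : \sigma$ then $[\![M]\!] = [\![N]\!]$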

The naturality condition for operations is used here to establish the soundness 
of the commutation schema. In fact, only naturality with respect to Kleisli mor- 
phisms is used (rather than parametric naturality); the latter would be needed 
for open contexts. 

When reading the following adequacy theorem, recall that, by Theorem 1,
all computations terminate.

Theorem 2 (Adequacy). Suppose that $M : \sigma$. Then $[\![M]\!] = [\![\,|M|\,]\!]$

Proof. This is an immediate consequence of Proposition 0 and Lemma 0 

This result is very much in the spirit of Mezei and Wright m, and Theorem 
4.26 of |S| is a similar result for recursive program schemes. Such results say that 
the denotational semantics of a program is that of the result of a preliminary 
symbolic computation. Our result may not seem to the reader to be the expected 
statement of adequacy, but it does imply that the semantics of a term determines 
its operational result (at least up to its meaning). Furthermore, as we shall see 
in the next section, it readily yields the adequacy theorem one would expect in 
concrete cases. 

4 Examples 

We take C to be Set in our examples, and consider two monads, one for nonde- 
terminism and the other for probabilistic nondeterminism. 

Nondeterminism 

Here $T$ is the nonempty finite powerset functor, equipped with the
evident strong monad structure (and recall that every monad on Set has a unique
strength). We take $\Sigma$ to have one binary (infix) operator or, and $\mathrm{or}_X$ to be
binary union. Note that is the free semilattice over $X$ (meaning the
structure with an associative, commutative and absorptive binary operator);
this algebraic view of nondeterminism was emphasised in ca.is {0,1}.

A small step structural operational semantics can be be defined much like 
our general one, except that there is no reason to record whether a “left choice” 
or a “right choice” is made. So the definition of the transition relation — >■„ is 
exactly as the general one except that one puts 

Ml 0 VM 2 — Mi (i=l,2) 

This — >■„ is then the union of the general — >■ and the . 

For big step semantics of nondeterminism one normally defines a nondeterministic
transition relation between closed terms and values; for example the rule
for function application is

$$\frac{M \Rightarrow_n \lambda x : \sigma.M' \quad N \Rightarrow_n V \quad M'[V/x] \Rightarrow_n V'}{MN \Rightarrow_n V'}$$

However, there is another possibility. This is to define a collecting big step
transition relation $M \Rightarrow_n u$ between closed terms and nonempty finite
sets of values. It can be given a structural definition by very similar rules to
those for the general collecting big step semantics, such as

$$\frac{M \Rightarrow_n \{\lambda x : \sigma.M_i\} \quad N \Rightarrow_n \{V_j\} \quad M_i[V_j/x] \Rightarrow_n u_{ij} \ (\text{for all } i,j)}{MN \Rightarrow_n \bigcup_{i,j} u_{ij}}$$

Its relation to the normal nondeterministic big step transition relation is that
for any $M : \sigma$,

$$M \Rightarrow_n u \iff u = \{V \mid M \Rightarrow_n V\}$$

Now we can make the relationship between operational semantics for
nondeterminism and the corresponding case of the general operational semantics
for algebraic effects explicit. First to every effect term t assign a nonempty finite
set of values h(t) by

$$h(V) = \{V\}$$
$$h(t \mathbin{\mathrm{or}} t') = h(t) \cup h(t')$$

Then one has that for any $M : \sigma$,

$$M \Rightarrow_n u \iff \exists t.\ M \Rightarrow t \wedge u = h(t)$$

as will be evident from the form of the rules for the collecting big step transition 
relation. 

One has for any effect term $t : \sigma$ that

$$[\![t]\!](*) = \bigcup_{V \in h(t)} [\![V]\!](*)$$

and with this one can prove an adequacy theorem for nondeterminism using our 
general adequacy theorem. 
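
Theorem 3. For any closed term $M : \sigma$,

$$[\![M]\!](*) = \bigcup_{M \Rightarrow_n V} [\![V]\!](*)$$

Proof.

$$\begin{aligned}
[\![M]\!](*) &= [\![\,|M|\,]\!](*) && \text{(by Theorem 2)} \\
&= \bigcup_{V \in h(|M|)} [\![V]\!](*) && \text{(by above remark)} \\
&= \bigcup_{M \Rightarrow_n V} [\![V]\!](*) && \text{(by above remark)}
\end{aligned}$$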

As stated this theorem is rather abstract because of the higher types. For
$\sigma = \iota$ it takes the form that for any closed term $M : \iota$

$$m \in [\![M]\!](*) \iff M \Rightarrow_n m$$

Probabilistic Nondeterminism 

Here things are, perhaps, not quite so simple. We take $T(X)$ to be
$\mathcal{D}_\omega(X)$, the set of finite probability distributions over X. The
unit $\eta$ sends an element of X to the corresponding point distribution. Every
finite distribution can be represented (though not uniquely) as an affine
combination of point distributions (meaning that $p_i > 0$ and
$\sum_{i=1,n} p_i = 1$). The multiplication is given by:

2=1, n 2=1, n 

and the (unique) strength by 

$$\mathrm{st}(\langle x, \sum_{i=1,n} p_i\,\eta(y_i) \rangle) = \sum_{i=1,n} p_i\,\eta(\langle x, y_i \rangle)$$

We take one operation, a binary “fair-coin” probabilistic choice + whose
semantics is given by

$$\nu +_X \nu' = 1/2\,\nu + 1/2\,\nu'$$

Note the use of infix notation. A point worth noting is that while
$\mathcal{D}_\omega$ supports this family, $\mathcal{D}_\omega(X)$ is not the free
algebra over X corresponding to the equations true of $+_X$ as that only
generates binary distributions.

Giving small step operational semantics is a little awkward. One might imagine
using a relation $M \xrightarrow{p} N$ where p is 1 if no probabilistic choice is
involved and 1/2 otherwise. However consideration of the example 0 + 0 shows
that some information needed to find the distribution of final values is lost
this way. If one tries a big step semantics $M \Rightarrow^{p} N$ the problem
becomes more acute: consider the two terms (0 + 1) + (1 + 1) and
(1 + 0) + (0 + 0). One standard solution for the small step semantics is to
record enough information on the path taken to resolve any ambiguities; in that
case the small step semantics is essentially identical to the general one, where
one would have both M 0 and M 0 for M = 0 + 0.

There is also a collecting big step transition relation $M \Rightarrow_p \nu$
where M is closed and $\nu$ is a distribution over values. Here is an example
rule (we now omit writing $\eta$)

^ N QjVj Mi[Vj/x] ^p (for all i,j) 

We can relate this to our general collecting big step operational semantics much
as in the case of ordinary nondeterminism, defining a distribution h(t) over values
for every effect term t by

$$h(V) = V$$
$$h(t + t') = 1/2\,h(t) + 1/2\,h(t')$$

and one has for any $M : \sigma$ that $M \Rightarrow_p \nu$ if, and only if,
$\exists t.\ M \Rightarrow t \wedge \nu = h(t)$.
Proceeding as before we now note that for any effect term $t : \sigma$

$$[\![t]\!](*) = \sum p_i\,[\![V_i]\!](*)$$

where $h(t) = \sum p_i V_i$, which yields an adequacy theorem.

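Theorem 4. Suppose that $M : \sigma$ and set $\sum p_i x_i = [\![M]\!](*)$. Then
there are $V_i$ such that $x_i = [\![V_i]\!](*)$ and $M \Rightarrow_p \sum p_i V_i$.

Again, this takes a clearer form for any terms M of type $\iota$:

$$[\![M]\!](*) = \sum p_i m_i \iff M \Rightarrow_p \sum p_i m_i$$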
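
The two maps h of this section, worked through on effect terms as an added example (not code from the paper). It also shows why a relation that records only (path probability, value) pairs loses information on the terms (0 + 1) + (1 + 1) and (1 + 0) + (0 + 0), while h separates them. The names Val, Choice, h_nondet, h_prob and path_pairs are illustrative assumptions.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Union


@dataclass(frozen=True)
class Val:
    """An effect term that is just a value V."""
    v: object


@dataclass(frozen=True)
class Choice:
    """A binary effect operation: read as `or` or as fair-coin `+`."""
    left: "Term"
    right: "Term"


Term = Union[Val, Choice]


def h_nondet(t):
    """h(V) = {V};  h(t or t') = h(t) union h(t')."""
    if isinstance(t, Val):
        return frozenset([t.v])
    return h_nondet(t.left) | h_nondet(t.right)


def h_prob(t):
    """h(V) = point distribution on V;  h(t + t') = 1/2 h(t) + 1/2 h(t')."""
    if isinstance(t, Val):
        return {t.v: Fraction(1)}
    dist = {}
    for side in (t.left, t.right):
        for v, p in h_prob(side).items():
            dist[v] = dist.get(v, Fraction(0)) + p / 2
    return dist


def path_pairs(t):
    """What a path-forgetting big step relation would contain: the set of
    (probability of a path, value reached), with equal pairs merged."""
    if isinstance(t, Val):
        return {(Fraction(1), t.v)}
    return {(p / 2, v)
            for side in (t.left, t.right)
            for p, v in path_pairs(side)}


# Constructed sample terms, taken from the discussion in the text.
ZERO_ZERO = Choice(Val(0), Val(0))                                  # 0 + 0
T1 = Choice(Choice(Val(0), Val(1)), Choice(Val(1), Val(1)))         # (0+1)+(1+1)
T2 = Choice(Choice(Val(1), Val(0)), Choice(Val(0), Val(0)))         # (1+0)+(0+0)

if __name__ == "__main__":
    for name, t in (("0+0", ZERO_ZERO), ("T1", T1), ("T2", T2)):
        print(name, sorted(h_nondet(t)), h_prob(t), sorted(path_pairs(t)))
```
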

5 PCF with Recursion 

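We add recursion to our language by a binding operator:

$$\mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M)$$

with the typing rule

$$\frac{\Gamma, f : \sigma \to \tau, x : \sigma \vdash M : \tau}{\Gamma \vdash \mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M) : \sigma \to \tau}$$

For the operational semantics, we regard this as a new kind of redex and add
the rule

$$\mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M) \to \lambda x : \sigma.M[\mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M)/f]$$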

This yields the small step operational semantics as before, with the analogous 
definitions of values and evaluation contexts (and with the analogous unique 







analysis of closed well-typed terms into one of the forms E[R] or E[a()]). The
possible transitions of a closed well-typed term can again be analysed into one 
of three mutually exclusive possibilities. 

What differs from the previous situation is that terms need not terminate
and so the small step semantics yields a tree of possibly infinite depth,
branching finitely at labelled transitions but deterministic at unlabelled ones.
So it is natural to consider infinitary effect values, that is, infinitary
$\Sigma$-terms. The right tool for these is $CT_\Sigma(X)$, the free continuous
$\Sigma$-algebra over a set X; it contains both finite partial and total elements
as well as infinitary ones. (A continuous $\Sigma$-algebra is a dcppo equipped
with continuous functions of appropriate arity for each operation symbol of
$\Sigma$; a morphism of such algebras is a strict continuous function preserving
the operations; $CT_\Sigma$ is the left adjoint to the forgetful functor from the
category of continuous $\Sigma$-algebras to that of sets — see below for the
definitions of dcppo, etc.)

We may think of elements of this algebra as finite or infinite $\Sigma$-terms,
with elements of X acting as extra constants. The finite ones are given by the
grammar:

t ::= X \ I 

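with x ranging over X and with least element $\Omega$. Every element t is the
limit of its finite approximants of level k, defined by

$$t^{(0)} = \Omega$$

$$t^{(k+1)} = \begin{cases}
\Omega & (\text{if } t = \Omega) \\
x & (\text{if } t = x \in X) \\
f(t_1^{(k)}, \ldots, t_n^{(k)}) & (\text{if } t = f(t_1, \ldots, t_n), \text{ where } n = \mathrm{ar}_f)
\end{cases}$$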

We therefore take the (possibly infinitary) effect values of type $\sigma$ to be
the elements of $CT_\Sigma(\mathrm{Val}_\sigma)$ where $\mathrm{Val}_\sigma$ is the
set of values of type $\sigma$, and wish to associate to every term $M : \sigma$
such a value $|M|$.

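To this end we need to “factor out” the $\to$ moves, which we do by defining
a medium step operational semantics for closed terms, by

$$M \Rightarrow V \iff M \to^* V$$
$$M \Rightarrow_{f_i} N \iff \exists L.\ M \to^* L \to_{f_i} N$$
$$M \Downarrow_a \iff \exists L.\ M \to^* L \downarrow_a$$
$$M \Uparrow \iff \text{there is an infinite sequence } M = M_0 \to M_1 \to \cdots \to M_n \to \cdots$$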

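The approximants of level k of $|M|$ (where $M : \sigma$) are now defined by
$|M|^{(0)} = \Omega$ and

$$|M|^{(k+1)} = \begin{cases}
V & (\text{if } M \Rightarrow V) \\
f(|M_1|^{(k)}, \ldots, |M_n|^{(k)}) & (\text{if } M \Rightarrow_{f_i} M_i \text{ for } i = 1,n, \text{ where } n = \mathrm{ar}_f) \\
a() & (\text{if } M \Downarrow_a) \\
\Omega & (\text{if } M \Uparrow)
\end{cases}$$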







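Lemma 3. Suppose that $M : \sigma$. Then $|M|$ satisfies the following equation.

$$|M| = \begin{cases}
V & (\text{if } M = V) \\
|N| & (\text{if } M \to N) \\
f(|N_1|, \ldots, |N_n|) & (\text{if } M \to_{f_i} N_i \text{ for } i = 1,n, \text{ where } n = \mathrm{ar}_f) \\
a() & (\text{if } M = E[a()])
\end{cases}$$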

This lemma can be strengthened to show that $|\cdot|$ is the least such function,
under the pointwise ordering; indeed that could be taken as an alternative
definition of $|\cdot|$.

For a collecting big step semantics one would naturally wish to give a system
of rules defining the relation $M \Rightarrow t$ between closed well-typed terms
of type $\sigma$ and effect values in $CT_\Sigma(\mathrm{Val}_\sigma)$ where

$$M \Rightarrow t \iff t = |M|$$

However it is not immediately clear how to think of a system of finitary rules
as generating such a relation, let alone the precise form such rules should take.
A related approach would be to define the evaluation function $|\cdot|$ as the
least solution to a recursive equation defined by cases following the structure
of M. Another idea is to define a nondeterministic relation between closed terms
and finite effect values in $CT_\Sigma(\mathrm{Val}_\sigma)$ such that the set of
such values is directed and has lub the evaluation of the term; one can
accomplish this by adding the axiom $M \Rightarrow \Omega$ and the rule

$$\mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M) \Rightarrow \lambda x : \sigma.M[\mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M)/f]$$

to the other rules; this idea appears in We do not enter further into these 
issues here, turn 

As before there is a natural equational theory. The axioms are as before (but
for the extended language) together with

$$\mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M) = \lambda x : \sigma.M[\mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M)/f]$$

This goes well with the medium step semantics.

Lemma 4. Suppose $M : \sigma$. Then

1. If $M \Rightarrow V$ then $\vdash M = V : \sigma$.

2. If $M \Rightarrow_{f_i} N_i$ for i = 1,n (where $n = \mathrm{ar}_f$) then $\vdash M = f(N_1, \ldots, N_n) : \sigma$

3. If $M \Downarrow_a$ then $\vdash M = a() : \sigma$

This lemma is an immediate consequence of the evident corresponding lemma 
for small step operational semantics. 

We now turn to denotational semantics, assuming the same categorical structure
as before, but enriched with a suitable ordering structure to accommodate
recursion. We use the cartesian closed category Dcpo of dcpos and continuous
functions, and the closed category Dcppo of dcppos and strict continuous
functions. (A dcpo (complete partial order) is a partial order with lubs of
directed sets; a continuous function $f : P \to Q$ between such dcpos is a
monotone function which preserves the lubs. A dcppo (complete pointed partial
order) is a dcpo with a least element; a function between such dcppos is strict
if it preserves the least elements.)

So we assume that C is Dcpo-enriched and so are T, C-products and the
Kleisli exponentials. We also assume that $C_T$ is Dcppo-enriched and that the
strength is strict, in the sense that
$\mathrm{st}_{x,y} \circ \langle f, \bot_{z,T(y)} \rangle = \bot_{z,T(x \times y)}$
holds for any $f : z \to x$.

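With this we can define $[\![\sigma]\!]$ as before and also the denotations

$$[\![M]\!] : [\![\Gamma]\!] \to T([\![\sigma]\!])$$

of terms $\Gamma \vdash M : \sigma$, except for the recursion construct. For this
for a term $\Gamma, f : \sigma \to \tau, x : \sigma \vdash M : \tau$ we set

$$[\![\mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M)]\!] = Y(\lambda g : C([\![\Gamma]\!], [\![\sigma \to \tau]\!]).\ \lambda_T([\![M]\!]) \circ \langle \mathrm{id}_{[\![\Gamma]\!]}, g \rangle)$$

where Y is the usual least fixed-point operator, $Y(G) = \bigvee_{n \geq 0} G^n(\bot)$.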

As before, the semantics is sound for the equational theory; combining this
with Lemma 4 we obtain

Lemma 5. Let $M : \sigma$ be a closed term. Then

1. If $M \Rightarrow V$ then $[\![M]\!] = [\![V]\!]$

2. If $M \Rightarrow_{f_i} N_i$ for i = 1,n (where $n = \mathrm{ar}_f$) then $[\![M]\!] = [\![f(N_1, \ldots, N_n)]\!]$

3. If $M \Downarrow_a$, then $[\![M]\!] = [\![a()]\!]$

Now, since every $V : \sigma$ has a denotation $[\![V]\!]$ in the dcppo
$C_T(1, [\![\sigma]\!])$ and since, for every n-ary operation f, we have an n-ary
continuous function on this dcppo induced by $f_{[\![\sigma]\!]}$, there is a
unique continuous, strict $\Sigma$-homomorphism

$$[\![\cdot]\!] : CT_\Sigma(\mathrm{Val}_\sigma) \to C_T(1, [\![\sigma]\!])$$

lifting $[\![\cdot]\!] : \mathrm{Val}_\sigma \to C_T(1, [\![\sigma]\!])$. We are now
in a position to state the main theorem of the paper:

Theorem 5. Adequacy for recursion. For any term $M : \sigma$, $[\![M]\!] = [\![\,|M|\,]\!]$

It is straightforward to prove half of this theorem, that $[\![M]\!] \geq [\![\,|M|\,]\!]$. That is
an immediate consequence of the inequality 

which can be proved by induction on k using Lemma 0. To prove the other half of
the theorem we introduce a new language A in order to talk about approximants
to terms of PCF with recursion. (It would be desirable to find an alternate proof
using logical relations, e.g., as in [32].) The language A is obtained by adding
two new families of constructs $\Omega_\sigma$ and
$\mathrm{Rec}_n(f : \sigma \to \tau, x : \sigma.M)$ to the language
of Section El with the typing rules:

$$\Gamma \vdash \Omega_\sigma : \sigma$$

and

$$\frac{\Gamma, f : \sigma \to \tau, x : \sigma \vdash M : \tau}{\Gamma \vdash \mathrm{Rec}_n(f : \sigma \to \tau, x : \sigma.M) : \sigma \to \tau}$$

The redexes and their transitions are defined as in Section El but with the
addition of:

$$\mathrm{Rec}_{n+1}(f : \sigma \to \tau, x : \sigma.M) \to \lambda x : \sigma.M[\mathrm{Rec}_n(f : \sigma \to \tau, x : \sigma.M)/f]$$

and

$$\mathrm{Rec}_0(f : \sigma \to \tau, x : \sigma.M) \to \lambda x : \sigma.\Omega_\tau$$



Values, evaluation contexts and small step transitions are defined analogously
to before. Every closed well-typed term is either a value or else can be analysed
uniquely into one of the forms $E[R]$, $E[a()]$ or $E[\Omega_\tau]$; this yields
an evident corresponding analysis of the transition possibilities, and we have

Lemma 6. Every transition sequence terminates, either in a value or in a term
of the form $E[\Omega_\tau]$.



Proof. This can again be proved using a computability argument. The
computability predicates are defined as in Theorem Q except that we say that a
closed term is computable iff every transition sequence from it terminates,
either in a computable value or else in a term of the form $E[\Omega_\tau]$.

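This allows us to define evaluation $|M|$. For any $M : \sigma$ we define $|M|$ in
$CT_\Sigma(\mathrm{Val}_\sigma)$ by

$$|M| = \begin{cases}
V & (\text{if } M = V) \\
|N| & (\text{if } M \to N) \\
f(|N_1|, \ldots, |N_n|) & (\text{if } M \to_{f_i} N_i, \text{ for } i = 1,n, \text{ where } n = \mathrm{ar}_f) \\
\Omega_\sigma & (\text{if } M = E[\Omega_\tau])
\end{cases}$$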

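We again have an equational theory. This is as in Section 3 together with

$$\mathrm{Rec}_{n+1}(f : \sigma \to \tau, x : \sigma.M) = \lambda x : \sigma.M[\mathrm{Rec}_n(f : \sigma \to \tau, x : \sigma.M)/f]$$

$$\mathrm{Rec}_0(f : \sigma \to \tau, x : \sigma.M) = \lambda x : \sigma.\Omega_\tau$$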
E[Qr] = 

As before $\vdash M = |M| : \sigma$ (if $M : \sigma$). For the semantics we take
the same structure as that for PCF with recursion, defined as for the language of
Section 0 and putting for the new constructs

$$[\![\mathrm{Rec}_n(f : \sigma \to \tau, x : \sigma.M)]\!] = Y^{(n)}(\lambda g : C([\![\Gamma]\!], [\![\sigma \to \tau]\!]).\ \lambda_T([\![M]\!]) \circ \langle \mathrm{id}_{[\![\Gamma]\!]}, g \rangle)$$

where $Y^{(n)}(G) = G^n(\bot)$, and

$$[\![\Omega_\sigma]\!] = \bot$$

The equations are sound for this semantics and so we have that
$[\![M]\!] = [\![\,|M|\,]\!]$, for $M : \sigma$.

With all this in hand we can now turn to the central relation

$$M \prec M$$

of approximation between A-terms and terms of PCF with recursion. This is the
least relation closed under the common term-forming constructs such that
$x \prec x$, $\Omega_\sigma \prec M$, and
$\mathrm{Rec}_n(f : \sigma \to \tau, x : \sigma.M) \prec \mathrm{Rec}\,(f : \sigma \to \tau, x : \sigma.M)$
if $M \prec M$. It is straightforward to prove that this relation is closed under
substitution in the sense that if $M \prec M$ and $N \prec N$ then
$M[N/x] \prec M[N/x]$; it is equally straightforward to show that if $M \prec M$
then $[\![M]\!] \leq [\![M]\!]$ (where $\Gamma \vdash M : \sigma$ and
$\Gamma \vdash M : \sigma$).

The nth-approximant of M is obtained by replacing every occurrence 

of Rec by one of Rec „• Clearly ^ M and if T h M : cr then F h : a; 
further, for any term F \- M : a, is increasing and has lub |M] (as can 

be shown by a straightforward induction on n). For the next lemma we extend 
the definition of the ^ relation to contexts, taking [ ] ^ [ ]. 

Lemma 7. Suppose that $M \prec M$ where $M : \sigma$ and $M : \sigma$. Then:

1. If M is a value, so is M.

2. If M has the form E[R] then M has the form E[R] where $E \prec E$ and $R \prec R$.

3. If M has the form E[a()] then M has the form E[a()] where $E \prec E$.

Lemma 8. Suppose that $R \prec R$ where $R : \sigma$ and $R : \sigma$. Then:

1. If $R \to N$ then, for some $N \succ N$, $R \to N$.

2. If $R \to_{f_i} N_i$, for i = 1, $\mathrm{ar}_f$ then for some $N_i \succ N_i$, $R \to_{f_i} N_i$.

Proposition 3. Suppose that $M \prec M$ where $M : \sigma$ and $M : \sigma$. Then we
have that $[\![\,|M|\,]\!] \leq [\![\,|M|\,]\!]$.

Proof. The proof proceeds by well-founded induction on the (union of) the
transitions from M and cases on its form.

Suppose that it is a value. Then so is M, by Lemma 0 and so we have that
$|M| = M$, $|M| = M$ and $[\![M]\!] \leq [\![M]\!]$ (as $M \prec M$). Taking these
facts together yields the required conclusion.

Next, suppose that M has the form E[R]. Then by Lemma 0 M has the
form E[R] where $E \prec E$ and $R \prec R$. There are two subcases. In the first
$R \to N$ and so, by Lemma 0 for some $N \succ N$, $R \to N$. But then we have:

$$\begin{aligned}
[\![\,|M|\,]\!] &= [\![\,|E[N]|\,]\!] && \text{(by lemma 0)} \\
&\leq [\![\,|E[N]|\,]\!] && \text{(by induction hypothesis, as } E[N] \prec E[N]\text{)} \\
&= [\![\,|M|\,]\!] && \text{(by lemma 0)}
\end{aligned}$$

The second subcase is where $R \to_{f_i} N_i$, for i = 1, $\mathrm{ar}_f$, and this
is dealt with similarly.

Finally, the case where M has the form E[a()] is straightforward.

This proposition immediately yields the other half of Theorem 5 as we have

[M] = V 

n>0 

n>0 

< II M I] (by the lemma) 

6 Examples and Recursion 

We now take C to be Dcpo in our examples, and again consider two monads, 
for nondeterminism and probabilistic nondeterminism. 

Nondeterminism 

The original powerdomain construction was not defined for all dcppos; the free
continuous algebra approach of nan yields a usable definition for all dcppos.
For dcpos we take T(P) to be the free dcppo over P which is also a continuous
semilattice. This can be usefully analysed further. Let S(P) be the free
continuous semilattice over a dcpo P; the existence of such algebras follows
from the adjoint functor theorem, as in, e.g., n. We write $\cup$ for the
semilattice operation. This is a Dcpo-enriched monad and so has a unique
continuous strength. One can show that if, in fact, P is a dcppo then so is S(P),
and, indeed, it is the free continuous semilattice over P in Dcppo; thus it is
the powerdomain in the sense of m Now let $P_\bot$ be the free dcppo over a dcpo
P. Then one has that T(P) is $S(P_\bot)$.

For a set X — considered as a flat dcpo — T(X) is easy to describe directly. It
consists of all subsets of $X_\bot$ which are either finite or are countable and
contain $\bot$. Such sets are ordered by the Egli-Milner ordering $u \leq v$ if,
and only if, either 1) $\bot \in u$ and $u \setminus \{\bot\} \subseteq v$ or
2) $\bot \notin u$ and $u = v$. A lub $\bigvee u_k$ of an increasing sequence
contains $x \in X$ if, and only if, some $u_k$ does, and $\bot$ if, and only if,
every $u_k$ does. Finally, $\cup_X$ is set-theoretic union, and $\eta_X(x)$ is the
singleton $\{x\}$.

The small step semantics $\to_n$ is, as before, the union of the general $\to$ and
the We write M if there is no infinite transition sequence from a term
$M : \sigma$; since $\to_n$ is finitary there is then, by König’s lemma, a bound
on the length of such transition sequences. Linking up to the evaluation $|M|$
one finds that $M \to^* V$ if, and only if, V occurs in $|M|$ (meaning that it
occurs in some approximant) and M if, and only if, $|M|$ is finite and total
(meaning that it contains no occurrence of any $\Omega_\tau$).

Here is an adequacy theorem for ground types ($\iota$ or o).

Theorem 6. Let $\sigma$ be a ground type and suppose that $M : \sigma$. Then
$x \in [\![M]\!](*)$ if, and only if, one of the following hold

1. $M \to^* V$ and $x = [\![V]\!](*)$

2. M and $x = \bot$

Proof. We have that $[\![M]\!](*) = [\![\,|M|\,]\!](*) = \bigvee_{n \geq 0} [\![\,|M|^{(n)}\,]\!](*)$.

Suppose first that $x \neq \bot$. Then $x \in$ for some n and it follows
that $\{x\} = [\![V]\!](*)$ for some V that occurs in For such a V we have that
V.

Suppose instead that $x = \bot$. Then $\bot$ is in every $[\![\,|M|^{(n)}\,]\!](*)$.
Since no $[\![V]\!](*)$ is $\{\bot\}$ at ground types (actually at all types), it
follows that no is total and hence that M



Essentially this result is in m and a stronger one for both call-by-name and
call-by-value is in UDI ; see mm for work on call-by-name and nondeterminism.
One can presumably also prove an adequacy theorem at other types, but the
statement is more complex due to the need for closure operators in the
set-theoretic representation of powerdomains, and there is some work to be done
in extending the theory of bifinite domains to predomains (a dcpo P should be
bifinite if, and only if, $P_\bot$ is); see, e.g., I1I24I25I for details on
powerdomains. However part of the conjectured theorem is simple to state, that
at any type $\sigma$, if $M : \sigma$ then $\bot \in [\![M]\!](*)$ if, and only
if, M As well as the above convex powerdomain, one can also prove appropriate
adequacy theorems for the upper (Smyth) and lower (Hoare) powerdomains.



Probabilistic Nondeterminism 



We take T to be V, where V(P) is the dcpo of all evaluations on P. This functor
and its strong monad structure is discussed in and see, e.g., PS|; we just
note that $\eta_P(x)$ is the singleton evaluation. The semantics of probabilistic
choice + is again an affine combination, this time of evaluations

$$\nu +_X \nu' = 1/2\,\nu + 1/2\,\nu'$$

V(P) is a dcppo which is a continuous $\Sigma$-algebra, and for any
$f : P \to V(Q)$, is a strict, continuous $\Sigma$-algebra morphism.

As discussed before we can take the small step operational semantics to be
the general one (for this case), and the question is rather one of interpretation.
Let us write w to range over words in the alphabet $\{+_1, +_2\}$. We write
$M \Rightarrow^w N$ to mean that w describes a sequence of medium step transitions
from M to N. Now for a term $M : \sigma$ and value $V : \sigma$ set



Prob(M, V) = \M ^V} 



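Define a function $\theta$ from closed terms of type $\sigma$ to the closed
interval [0, 1] by $\theta(M) = \mathrm{Prob}(M, V)$. Then $\theta$ obeys the
equation

$$\theta(M) = \begin{cases}
1 & (\text{if } M \Rightarrow V) \\
0 & (\text{if } M \Rightarrow W \neq V) \\
1/2\,\theta(N_1) + 1/2\,\theta(N_2) & (\text{if } M \Rightarrow_{+_i} N_i\ (i = 1, 2)) \\
0 & (\text{if } M \Uparrow)
\end{cases} \qquad (1)$$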

This equation determines $\theta$ uniquely (use the Banach fixed-point theorem with
the metric d{6,9') = ~ 0'{M) |). 

The next lemma relates the small step semantics of a term to its evaluation.
Let h be the unique strict continuous $\Sigma$-algebra morphism from
$CT_\Sigma(\mathrm{Val}_\sigma)$ to $V(\mathrm{Val}_\sigma)$. The statement of the
following lemma makes implicit use of the fact that there are at most countably
infinitely many values of a given type, and that weighted countably infinite
sums of evaluations exist (being defined pointwise).

Lemma 9. Suppose that $M : \sigma$. Then

$$h(|M|) = \sum_{V : \sigma} \mathrm{Prob}(M, V)\,\eta(V)$$

Proof. It is straightforward to see that $h(|\cdot|)$ obeys the following
equation (use the equation given for $|\cdot|$ in the previous section)

$$h(|M|) = \begin{cases}
\eta(V) & (\text{if } M \Rightarrow V) \\
1/2\,h(|N_1|) + 1/2\,h(|N_2|) & (\text{if } M \Rightarrow_{+_i} N_i\ (i = 1, 2)) \\
\bot & (\text{if } M \Uparrow)
\end{cases}$$

It follows that, for any $V : \sigma$, $h(|\cdot|)(V)$ satisfies equation (1) and
so as this equation has a unique solution, viz $\mathrm{Prob}(\cdot, V)$, the
conclusion follows.
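
Lemma 9 can be watched converging on level-k approximants, as an added example (not code from the paper). Infinite effect values are represented lazily, cut to level k as in Section 5, and mapped by the strict morphism h to sub-distributions whose lub gives Prob(M, V). The tuple encoding and the names approximant, h, geometric, half_diverges, prob_at_level and is_increasing are illustrative assumptions.

```python
from fractions import Fraction

OMEGA = ("omega",)            # least element: divergence, or a cut-off subtree


def val(v):
    return ("val", v)


def plus(left_thunk, right_thunk):
    """Fair-coin node of a possibly infinite effect value; the children are
    zero-argument functions so that the tree is only built on demand."""
    return ("plus", left_thunk, right_thunk)


def approximant(t, k):
    """t^(0) = Omega;  t^(k+1) is Omega, x, or f(t1^(k), t2^(k)) by cases on t."""
    if k == 0 or t[0] == "omega":
        return OMEGA
    if t[0] == "val":
        return t
    return ("plus", approximant(t[1](), k - 1), approximant(t[2](), k - 1))


def h(t):
    """Strict morphism on finite partial terms: h(Omega) is the zero
    evaluation, h(V) = eta(V), h(t + t') = 1/2 h(t) + 1/2 h(t')."""
    if t[0] == "omega":
        return {}
    if t[0] == "val":
        return {t[1]: Fraction(1)}
    out = {}
    for side in t[1:]:
        for v, p in h(side).items():
            out[v] = out.get(v, Fraction(0)) + p / 2
    return out


def geometric(n=0):
    """Constructed effect value of a recursive coin flipper:
    heads returns n, tails recurses with n + 1."""
    return plus(lambda: val(n), lambda: geometric(n + 1))


def half_diverges():
    """Constructed effect value: heads returns 0, tails diverges silently."""
    return plus(lambda: val(0), lambda: OMEGA)


def prob_at_level(t, k):
    """h applied to the level-k approximant: a lower bound on Prob(M, .)."""
    return h(approximant(t, k))


def is_increasing(t, upto):
    """Check pointwise monotonicity of the approximating sub-distributions."""
    levels = [prob_at_level(t, k) for k in range(upto + 1)]
    return all(lo.get(v, 0) <= hi.get(v, 0)
               for lo, hi in zip(levels, levels[1:])
               for v in set(lo) | set(hi))


if __name__ == "__main__":
    for k in range(6):
        d = prob_at_level(geometric(), k)
        print(k, d, "mass", sum(d.values(), Fraction(0)))
```

The mass missing at level k is exactly the weight still sitting on Omega leaves; for half_diverges it never drops below 1/2, matching the case of equation (1) that assigns 0 to a diverging term.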

This enables us to prove an adequacy theorem at all types. 

Theorem 7. Suppose that $M : \sigma$. Then

$$[\![M]\!](*) = \sum_{V : \sigma} \mathrm{Prob}(M, V)\,[\![V]\!](*)$$



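Proof. Both $[\![\cdot]\!](*)$ and $([\![\cdot]\!](*))^\dagger \circ h$ are strict
continuous $\Sigma$-homomorphisms from $CT_\Sigma(\mathrm{Val}_\sigma)$ to
$V([\![\sigma]\!])$, and both extend
$[\![\cdot]\!](*) : \mathrm{Val}_\sigma \to V([\![\sigma]\!])$. They
are therefore equal. We may then calculate:

$$\begin{aligned}
[\![M]\!](*) &= [\![\,|M|\,]\!](*) && \text{(by Theorem 5)} \\
&= ([\![\cdot]\!](*))^\dagger(h(|M|)) \\
&= ([\![\cdot]\!](*))^\dagger\Big(\sum_{V : \sigma} \mathrm{Prob}(M, V)\,\eta(V)\Big) && \text{(by Lemma 9)} \\
&= \sum_{V : \sigma} \mathrm{Prob}(M, V)\,([\![\cdot]\!](*))^\dagger(\eta(V)) \\
&= \sum_{V : \sigma} \mathrm{Prob}(M, V)\,[\![V]\!](*)
\end{aligned}$$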

An adequacy theorem for FPC with probabilistic choice was already proved
in US] (FPC can be viewed as an extension of our PCF with recursive types);
for work on call-by-name and probabilistic nondeterminism see [0|.

7 Conclusions

It is interesting to work out other examples. Printing provides one example,
where one has a unary operation $\mathrm{print}_a$ for each symbol a of an
alphabet A, and for Set one can take the (noncommutative) monad
$T(X) = A^* \times X$, which is, in fact, the free $\Sigma$-algebra over X; for
Dcpo one would also allow the possibility of infinite printing, and use
$CT_\Sigma(P)$, the free continuous $\Sigma$-algebra over P. Here the general
operational semantics is very much the same as what one would write anyway and
it is straightforward to read off adequacy results for printing from the general
theorems. An example worth some investigation is the combination
$\mathcal{F}^+(\mathcal{D}_\omega(X))$ of probabilistic and ordinary
nondeterminism; there is a natural distributive law
$\lambda : \mathcal{D}_\omega(\mathcal{F}^+(X)) \to \mathcal{F}^+(\mathcal{D}_\omega(X))$
which makes this a monad; this way to combine the two forms of nondeterminism is
used in a domain-theoretic context in ^ — modulo actions — and mentioned in PD|
where an interesting idea of restricting to affine sets of evaluations is
advocated.

In so far as we are successful with such examples, the question of how to
treat other monads and their operations is the more pressing; exceptions, state
and continuations all come immediately to mind. Possibly relevant here is the
translational approach to defining operations in jS], but adapted to $\lambda_c$
rather than the metalanguage; the idea would be to recover operational semantics
via the translations. Ultimately, we would hope to incorporate the treatment of
operational semantics into a modular approach to computational effects, e.g.,
along the lines of ;2til2Sp2h] .

An obvious question is to consider language variations, such as an extension
with recursive types or call-by-name; for the latter it would be preferable to use
a framework incorporating both parameter-calling mechanisms, such as Levy’s
CBPV jIH]. More intriguingly, one would wish to reconcile this work with the
co-algebraic treatment of operational semantics in with its use of behaviour
functors and co-monads contrasting with our use of monads.